Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Winfixer Help Please! [CLOSED]

tigerphi

Posted 16 October 2005 - 07:06 PM

tigerphi

New Member

Member

9 posts

I need help with my computer. It has the winfixer pop-up virus/malware that I cannot get rid of. I have emptied all temporary files, deleted cookies, ran spybot, avg-anti virus, done it all. Now I'm ready to post my "HIJackTHIS" log, and here it goes...

After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat

You will first be presented with a warning.
It should look like this

VundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....

At this point press enter one time.

Next you will see:

Please Type in the filepath as instructed by the forum staff
and then press enter:

At this point please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\system32\gebyv.dll

Press Enter to continue with the fix.

Next you will see:

Please type in the second filepath as instructed by the forum
staff then press enter:

At this point please type the following file path (make sure to enter it exactly as below!):C:\WINDOWS\system32\vybeg.*
This will be the vundo filename spelt backwards.

Press Enter to continue with the fix.

The fix will run then HijackThis will open, if it does not open automatically please open it manually.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).Set the program up as follows:Click "Options..."Move the arrow down to "Custom CleanUp!"Put a check next to the following (Make sure nothing else is checked!):

tigerphi

Posted 09 November 2005 - 06:33 PM

tigerphi

New Member

Topic Starter

Member

9 posts

Can I get some help? My situation has come back again on my computer when it used to be fixed. The post above is a whole new scan...It's already been a day and nobody has responded, they just merged my post with my previous one...what do I need to do now?

After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat

You will first be presented with a warning.
It should look like this

VundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....

At this point press enter one time.

Next you will see:

Please Type in the filepath as instructed by the forum staff
and then press enter:

At this point please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\system32\jkklk.dll

Press Enter to continue with the fix.

Next you will see:

Please type in the second filepath as instructed by the forum
staff then press enter:

At this point please type the following file path (make sure to enter it exactly as below!):C:\WINDOWS\system32\klkkj.*

Press Enter to continue with the fix.

The fix will run then HijackThis will open, if it does not open automatically please open it manually.

In HiJackThis, please place a check next to the following items and click FIX CHECKED:

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).Set the program up as follows:Click "Options..."Move the arrow down to "Custom CleanUp!"Put a check next to the following (Make sure nothing else is checked!):

Empty Recycle Bins

Delete Cookies

Delete Prefetch files

Cleanup! All Users

Click OKPress the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Post a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic

tigerphi

Posted 14 November 2005 - 11:11 AM

tigerphi

New Member

Topic Starter

Member

9 posts

Here's my Activescan. I can't seem to find the file when I do a search for it called "awtqn.dll" I don't know if it's actually still on my system or not. I deleted program folders for lycos and scbar, but I guess there is more left in another folder? I wasn't sure how to delete the files in safe mode, I tried running virtumonde again and it wouldnt work, I guess b/c I already used it to fix the previous problem. I was gonna use it to try and delete the .dll file. Maybe if you know what exactly I should do, through a command prompt to delete certain things...b/c I wasn't sure what to type.

loophole

Posted 19 November 2005 - 02:23 PM

loophole

Malware Expert

Retired Staff

9,798 posts

I apologize for the late reply

Click here to download Pocket Killbox by Option^ExplicitNow open pocketkillbox Select the option "Delete on reboot".Now highlight and 'copy' (Ctrl + C) the entire list of filepaths below:Click 'File' on the killbox menu at the top and choose 'Paste from clipboard'The entire list should now be in the "Full Path of File to Delete" field.To check, click on the dropdown-arrow next to that field.If you expand it, these lines should all be there